Security
One of the items that critics of clouds repeatedly hammer on is cloud security. It seems that having your data in the cloud on machines you do not control is very emotionally challenging to people. It also introduces real regulatory and standards compliance issues that you need to consider. In reality, the cloud can be made as secure as—or even more secure than—a traditional data center. The way you approach information security, however, is radically different.
A move into the cloud requires consideration of a number of critical security issues:
Legal implications, regulatory compliance, and standards compliance issues are different in the cloud.
There is no perimeter in the Amazon cloud; a security policy focused on perimeter security will not work with Amazon and should not be your focus, even with clouds that support traditional perimeter security.
Although there have been no publicized exploits, cloud data storage should assume a high-risk profile.
Virtualization technologies such as Xen may ultimately have their own vulnerabilities and thus introduce new attack vectors.
Legal, Regulatory, and Standards Implications
Unfortunately, the law and standards bodies are a bit behind the times when it comes to virtualization. Many laws and standards assume that any given server is a physically distinct entity. Most of the time, the difference between a physical server and a virtual server is not important to the spirit of a given law or standard, but the law or standard may nevertheless ...
Get Cloud Application Architectures now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.